Linting OCSP responses

[jsha]

In this bug, Apple shared a very thorough list of lints they apply to OCSP responses from their own issuance infrastructure. It would be useful to implement these in an open-source linter. Are the folks here interested in incorporating an OCSP linter into zlint? Do you think it would be better as a separate project?

[zakird]

This came up once in the past #382. I think the consensus is: Yes! We'd love to have them, but we should structure their addition such that they don't make running or maintaining existing certificate lints more difficult.

[cardonator]

I think this fits into our sets of lints nicely, we could even exclude OCSP/CRL lints by default.

[Legrandin]

+1 for being able to linting CRLs too

[pgporada]

We've been reviewing the entire corpus of Mozilla Bugzilla CA incidents and this has come up for another CA.

[kowshikRoy]

Hi Maintainers,
I would be happy to work on implementing OCSP linting. The question is:

• Given that CAB Forum has made OCSP optional in v2.0.1 (SC63)

Please let me know. We're planning to implement something internally which we can think of contribute to zlint.
Let me know if there is interest?